Scan Frequency
Schedule recurring scans so FOSSA picks up newly disclosed vulnerabilities and license changes even when your code hasn't changed.
Overview
By default, FOSSA scans a project when new code is pushed. Scheduled scans run independently of commits, useful for surfacing newly disclosed CVEs, updated license data, or policy changes against your existing dependencies without waiting for the next code change.
Scan frequency is configured via update hooks. Settings live at Organization Settings > Projects > Update Hooks for org-wide defaults, and can be overridden per-project in Project Settings > Update Hooks.
- 1
Enable update hooks
Toggle Enable update hooks on. Scheduled scanning is off by default.
- 2
Set the frequency
Configure how often scans run:
Setting Options Update every Any positive integer combined with Hour(s), Day(s), or Week(s) Update time Time of day in 30-minute increments, only available when the interval unit is Day(s) The default is every 2 Days at 12:00 AM.
- 3
Save and propagate
Click Save. To apply the new defaults to existing projects, click Propagate.
What's next
- Automatic Updates: Learn how FOSSA re-builds and re-scans projects on commit, schedule, or CI pipeline triggers.
- Issue Scanners: Configure which types of issues trigger notifications and gate your CI/CD builds.